Southeast Asia a hotbed for phishing attacks

Improved awareness is what is needed to combat old but still effective cybercrime, according to a new report from Kaspersky, after it detected 14 million phishing attempts against internet users in the Southeast Asia region for the first six months of 2019.

According to the report, Southeast Asia remains a target of cybercriminals attempting to infect networks and devices through the simplest yet still most effective trick of phishing.

Kaspersky reveals that attempts to direct its users to phishing websites during the first half of 2019 was highest in Vietnam, Malaysia, and Indonesia.

There are over 11 million combined attempts detected from these three countries. Moreover, Thailand logged nearly 1.5 million attempts while the Philippines had over one million incidents. Singapore posted only 351,510 attempts from January to June of this year.

On the other hand, the ranking of SEA countries dynamically changes when it comes to the percentage of users infected by phishing attacks. In Kaspersky’s phishing statistics for the first half of 2019, it shows the Philippines has the highest percent of phishing victims at 17.3%. The growth posted is 65.56% higher compared with the data for the same period last year at 10.449%.

Malaysia scored the second highest at 15.829% of users infected through phishing from 11.253% in the first half of 2018. Coming behind is Indonesia with 14.316% from 10.719% last year, Thailand at 11.972% from 10.9% and Vietnam followed closely at 11.703% from 9.481%. Singapore recorded 5% this year compared to 4.142% posted last year.

Phishing attempts refer to the frequency that cybercriminals try to entice Kaspersky users to visit fraudulent websites to steal their information in particular regions and territories. Meanwhile, the percentage of infected users indicate the proportion of Kaspersky users targeted by these phishing attempts within a given timeframe.

"This old but effective threat is real in Southeast Asia and shows no signs of fading anytime soon. The region is composed of many young and highly-mobile populations and admit or not, we need to educate them on the risks of basic attacks like phishing,” says Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.

“It is an accepted fact that the young users will buy a new phone, then think of securing it physically but never virtually. And as long as individuals will continue to let their guards down when using the internet, we can be sure that we’d keep on counting phishing victims again and again.”

The effectiveness of phishing scam proved enticing to criminals who can easily sell stolen credentials in the dark web. Fraudsters are after user credentials that include credit card numbers and passwords to bank accounts and other financial applications.

While authorities and private companies have warned users time and again that they would not solicit personal information over the internet, the number of victims has been increasing. In spite of the increased awareness of online scams, users are becoming less concerned about the consequences as evidenced by the growth in the number of affected users.

“It’s seriously alarming that phishing tricks are still very effective in deceiving internet users in Southeast Asia.,” says Tiong .

“It’s also worth noting that cybercriminals can use the same email phishing strategy for years and someone will still provide their personal details willingly or click a malicious link unknowingly.

“Our latest data proves that we really need to work on turning the internet users in the region into well-informed and meticulous recipients who would be able to recognize such fraudulent ancient tricks.”

Kaspersky offers these steps below to avoid falling victim to a phishing scam:

• Always keep a keen eye on suspicious emails. If it looks too good to be true, check, double-check, and triple-check. If the email comes supposedly from your bank, call the bank immediately to verify. Historically, banks will never ask for your details such as a password. They usually ask for personal detail updates in person by filling out a form on their branch.

• Maintain two email addresses if you are using free accounts. One is for official use and the other is for websites that require you to log in to read the news or gather information.

• Not all smartphones are secure so be careful of messages that will lead you to a website. There are a number of malicious software that can gain entry into your contacts list and financial apps.

• Use a reliable security solution with anti-phishing and secure payment capabilities like Kaspersky Internet Security, Kaspersky Total Security, and Kaspersky Security for Cloud.

• Still, the best defense to phishing is being informed and discerning of the emails and other messages users receive. There is no harm in being too cautious especially most of the financial transactions are now done online in pursuit of digitalization.